Predicting the year of cybersecurity ahead (minus regulations)
S04 EP 02: Common themes we can expect to see in 2025
The post Predicting the year of cybersecurity ahead (minus regulations) appeared first on Security Boulevard.
S04 EP 02: Common themes we can expect to see in 2025
The post Predicting the year of cybersecurity ahead (minus regulations) appeared first on Security Boulevard.
On January 6, 2025, Meta, formerly known as Facebook, formally announced that it would cease its “fact-checking” operations, and allow the internet itself, through comments posted, to be the final arbiter of what is true and false.
The post Facts, Schmacts – Meta Joins X in Ceasing Content Moderation appeared first on Security Boulevard.
From smartphones to smart homes and even industrial applications, embedded systems are everywhere. But as these systems become more prevalent in our daily lives, the risks of cyber threats grow just as fast. That’s why it’s essential to build security into these embedded systems by design. And just as important as security itself is how […]
The post Hardware Cryptographic Accelerators to Enhance Security Without Slowing Down appeared first on Security Boulevard.
Amazon Phish Hunts for Security Answers and Payment Information
The post Amazon Phish Hunts for Security Answers and Payment Information appeared first on Security Boulevard.
Cybersecurity is much more than just a technical challenge. It’s now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives. Shifting your organization’s collective mindset around this concept is essential for long-term success ... Read More
The post Cybersecurity as a Business Imperative: Embracing a Risk Management Approach appeared first on Nuspire.
The post Cybersecurity as a Business Imperative: Embracing a Risk Management Approach appeared first on Security Boulevard.
Authors/Presenters: Melvin Langvik
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Evading Modern Defenses When Phishing With Pixels appeared first on Security Boulevard.
The Growing Need for Cybersecurity Awareness Training (SAT) In today’s rapidly evolving cyber threat landscape, organizations are increasingly recognizing the critical importance of Cyber Security Awareness Training (SAT) as a fundamental defense strategy. Regulatory changes like NIS2 and DORA further emphasize this need for robust cybersecurity initiatives. However, despite this acknowledgment, many organizations are still […]
The post How Slashing the SAT Budget Is Appreciated By Hackers appeared first on CybeReady.
The post How Slashing the SAT Budget Is Appreciated By Hackers appeared first on Security Boulevard.
This is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 - 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes.
Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.
TABLE OF CONTENTS
Try to remember deleting accounts you no longer need or use. The more accounts you have, the bigger your attack surface and potential exposure to data breaches. Tips for finding old accounts.
Surveillance Tech in the NewsThis section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.
Google's reCAPTCHA is not only useless, it's also basically spyware
Techspot
This study demonstrates Google's reCAPTCHA v2 and v3 are flawed and don't actually keep out bots. The research also shows that reCAPTCHA relies on fingerprinting (collecting "user agent data and other identifying information") and shares this data with advertisers.
The Murky Ad-Tech World Powering Surveillance of US Military Personnel
WIRED
This is mostly a continuation of another WIRED article where they detailed how Ad-Tech got the personal information and location data of US military members stationed in Germany. This article reveals that a Lithuania-based business acquired this information but would not disclose how they obtained it specifically.
Revealed: gambling firms secretly sharing users’ data with Facebook without permission
The Guardian
The Meta Pixel strikes again. Gambling sites - that users visit - have the Meta Pixel embedded in their code, sending data on users to Meta, who then displays targeted ads to users. The users claimed to have never opted into tracking; but the Meta Pixel automatically captured their information and pushed it to Meta.
This primarily centers on the UK. However, given the prevalence of the Meta Pixel on many of the world's most popular websites, it's relevant enough to include here.
Privacy Tools and ServicesPrimarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com
Privacy ToolsProton Wallet brings safe Bitcoin self-custody to everyone
Proton
Proton has publicly released its self-custody Bitcoin wallet.
Introducing Bitwarden Cupid Vault to securely share (and unshare) passwords with loved ones
Bitwarden
Bitwarden has already had the ability to securely share passwords. The Cupid Vault Configuration follows a similar approach.
Privacy ServicesMullvad has partnered with Obscura VPN
Mullvad
Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN.
Single sign-on (SSO) and password generator rules are now available for Proton Pass
Proton
Proton Pass now supports single sign-on and allows setting of password generator rules.
Kagi Search introduces Privacy Pass and Tor onion service for enhanced privacy & anonymity
AlternativeTo
Kagi launched a Tor onion service. Kagi also introduces Privacy Pass, which allows users to authenticate to servers (like Kagi's) without revealing their identity; this should ensure searches are unlinkable to accounts.
Vulnerabilities and MalwarePrimarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.
This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
VulnerabilitiesMicrosoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
Tenable
This week was a Patch Tuesday (11 FEB) from Microsoft. According to Tenable, Microsoft patched 55 CVEs.
CVE-2025-21418. Escalation of privilege in the Ancillary Function Driver for WinSock on Windows. When exploited, an authenticated attacker could elevate to SYSTEM level privileges. This has been exploited in the wild as a zero-day.
CVE-2025-21391. Another privilege escalation vulnerability, but in Windows Storage. When exploited, a local authenticated attacker could delete (but not necessarily read) files from a system, which could result in data loss. This has been exploited in the wild as a zero-day.
CVE-2025-21194. Publicly disclosed security feature bypass affecting the Microsoft Surface. Successful exploitation requires an attacker getting access to the same network as the device and convincing the user to reboot their device.
Apple Patches 'Extremely Sophisticated Attack' That Can Hit iPhones
PCMag
Apple released an emergency update (18.3.1) to iOS. This patch fixes a vulnerability where USB Restricted Mode can be disabled on iPhones; this vulnerability has reportedly been exploited by law enforcement to access a locked iPhone. Tracked as CVE-2025-24200.
Apple describes the zero-day as a highly sophisticated attack against a targeted individual.
New Exploitation Surge: Attackers Target ThinkPHP and ownCloud Flaws at Scale
GreyNoise
Threat actors are attempting to exploit a local file inclusion vulnerability (tracked as CVE-2022-47945) in ThinkPHP and an information disclosure vulnerability (tracked as CVE-2023-49103) in ownCloud. While these are "old" vulnerabilities, there has been a recent notable wave of active exploitation looking to exploit vulnerable instances.
Google fixes flaw that could unmask YouTube users' email addresses
Bleeping Computer
A vulnerability in internal APIs; specifically, the API leaked a user's "Gaia ID," which is meant for internal-to-Google use only for identification between Google's services and sites. This could be use to identify users on YouTube.
MalwareValve removes Steam game that contained malware
TechCrunch
A game (PirateFi) on Steam was actually malware in disguise. It was removed by Valve; Valve sent a message to users who downloaded the game, telling them to "consider fully reformatting your operating system" and to "run a full-system scan using an antivirus product..."
The post Privacy Roundup: Week 7 of Year 2025 appeared first on Security Boulevard.
Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Yet, many organizations struggle with a disjointed approach—policies scattered across departments, processes misaligned, and technology underutilized. Why Policy Management Maturity Matters Organizations with disconnected policies end up with fragments of truth […]
The post Best Policy Templates for Compliance: Essential Documents for Regulatory Success appeared first on Centraleyes.
The post Best Policy Templates for Compliance: Essential Documents for Regulatory Success appeared first on Security Boulevard.
Cybersecurity and risk management are often treated as separate disciplines within organizations. Security teams focus on identifying and mitigating technical threats, while risk teams take a broader approach to evaluating business exposure. However, this disconnect creates a challenge: security teams struggle to communicate risk in a way that resonates with executives, while risk managers lack real-time insights into evolving cyber threats.
The post Bridging the Gap Between Security and Risk with CRQ appeared first on Security Boulevard.
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post Cyber Security GRC and Quantifying ROI | Kovrr appeared first on Security Boulevard.
Each IT and security team has its function, but unless they row in unison — aligning on strategy, focus and execution — the organization will flounder.
The post Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration appeared first on Security Boulevard.
In this episode, we discuss the UK government’s demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse […]
The post UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking appeared first on Shared Security Podcast.
The post UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking appeared first on Security Boulevard.
Learn why DMARC is important for blocking phishing, securing your domain, and ensuring email deliverability in 2025. Stay compliant and protected.
The post Why is DMARC Important? [2025 Updated] appeared first on Security Boulevard.
Authors/Presenters: Paul Brownridge
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – I Am Still The Captain Now! appeared first on Security Boulevard.
The post PCI DSS 4: Compliance Guide for SAQ A-EP Merchants to comply with Requirements 6.4.3 and 11.6.1 appeared first on Feroot Security.
The post PCI DSS 4: Compliance Guide for SAQ A-EP Merchants to comply with Requirements 6.4.3 and 11.6.1 appeared first on Security Boulevard.
Why is Cloud Data Safety a Paramount Concern? With the increasing movement of organizations to the cloud, ensuring data security has become a top priority. It’s a well-known fact that organizations thrive on data. But what if this data falls into the wrong hands due to weak cloud security? The results can be catastrophic, leading […]
The post Keeping Your Cloud Data Safe: What You Need to Know appeared first on Entro.
The post Keeping Your Cloud Data Safe: What You Need to Know appeared first on Security Boulevard.
Over a decade ago, I was more than a little amused at a 419 message of the “I’ve been hired to assassinate you” sub-category to which my friend and colleague Urban Schrott, then at ESET Ireland, drew my attention, so I wrote it up in a couple of articles, one of which I won’t reference […]
The post A Deadly Unserious 419? appeared first on Security Boulevard.
Authors/Presenters: Lucas Rooyakkers & Billy Graydon
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Fitness of Physical Red Teamers appeared first on Security Boulevard.
Proper GenAI governance will control and manage the risks associated with NHI growth, bringing equilibrium and balance between security and AI innovation to IT ecosystems.
The post The Hidden Cybersecurity Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities appeared first on Security Boulevard.